Skip to main content
POST
cURL

Authorizations

Authorization
string
header
required

Every request authenticates with an API key: Authorization: Bearer {API_KEY}. App endpoints take an app API key; knowledge endpoints take a knowledge base API key (Get Started).

Keep keys server-side; never embed them in client code. Requests with a missing or invalid key fail with HTTP 401 (unauthorized).

Body

multipart/form-data

File upload request. Requires multipart/form-data.

file
file
required

The file to upload, as one multipart/form-data part. The filename must not contain / or \.

Any extension is accepted unless it is on the deployment's security blacklist (UPLOAD_FILE_EXTENSION_BLACKLIST, empty by default).

Size limits per category: images 10 MB, audio 50 MB, video 100 MB, other files 15 MB by default; deployments may override them via the UPLOAD_*_FILE_SIZE_LIMIT environment variables.

user
string

End-user identifier this upload belongs to, defined by your app and unique within it. Omit it to attribute the upload to the shared DEFAULT-USER. Only later requests with the same user can reference the file. See End User Identity.

Response

File uploaded successfully.

id
string<uuid>

Unique file ID.

name
string

File name.

size
integer

File size in bytes.

extension
string | null

File extension.

mime_type
string | null

MIME type of the file.

created_by
string<uuid> | null

End-user ID of the uploader. Look up details with Get End User Info.

created_at
integer<int64>

Upload timestamp (Unix epoch seconds).

preview_url
string | null

Preview URL for the file.

source_url
string

Signed URL for downloading the file.

original_url
string | null

Original URL of the file.

user_id
string<uuid> | null

Unused; always null.

tenant_id
string<uuid> | null

ID of the associated tenant.

conversation_id
string<uuid> | null

ID of the associated conversation.

file_key
string | null

Unused; always null.